Understanding Group Policy

Have you wasted your time and money purchasing books, classroom training or visiting support groups? Tired of searching online for more information about Group Policy? Look no further. Everything you need to know about them is right here, on one web page! And best of all: It’s free!

So let’s get started…

What is Group Policy?

Group Policy is a feature in Windows which is rarely used correctly, if used at all. When they are used, they are formed as logical objects called “Group Policy Objects” or GPOs. They’re intended to make as many changes to a computer as possible. The more, the better.

What is Group Policy used for?

In most cases, they’re used for combining way too many conflicting settings into a single GPO, which is then linked to the wrong OUs, and often contains a whole bunch of WMI filtering, just to keep them from running too fast.

Also, many experts prefer to create multiple instances with the same settings enabled, but with different values, and then experiment with priorities, blocking, enforcement, and WMI filtering, all in a safe, and isolated production environment.

When Should I Use Group Policy?

If you are reading this article because you really don’t know what Group Policy is about, then you should start by asking someone else, who is familiar with them, to do what you need. They’re easy to identify, as they often have a natural glow about them, along with a serious facial expression.

If you are reading this because you ran out of interesting articles to skim through on your phone while sitting on the toilet in the office restroom, then you should just be sure there’s enough toilet tissue on the roll next to you.

Oh yeah, what should you use Group Policy for? The real question should be “When should you NOT use them?” Keep reading!

When Should I NOT Use Group Policy?

If you’re not sure, don’t use them yet. Wait, what am I saying?! You should always use them, no matter what the occasion. The best time to use them is on a day of the week with a name that ends with a “y”. So, if you’re wondering about when to not not use them, you should actually think of it as when to not not not not not not never not ever not use them.

What are the Basic Ways to Apply Group Policy?

There are two (2) basic ways: Break computers or break users. But if you really know what you’re doing, you can also break network links. The “expert” way to use them is to create several dozen of them, and link them randomly to OU’s throughout your AD forest.

How to Tell a GPO Expert from a GPO Novice?

That’s easy. A GPO Expert is one who creates a new GPO for every setting, or puts them all into the Default Domain Policy. They are also sure to NEVER create documentation for their GPO’s, nor do they used the internal commenting features. And finally, a GPO Expert will often tell you (and anyone else nearby) that they are a GPO Expert.

A GPO Novice asks questions and does research, and boring stuff like that.

What is a Central Store?

A Group Policy Central Store is a small brick building in the poorest part of town where you can wait out back around 2:00 AM for a guy to drive up and sell you small bags of Group Policy. Hold on, that was the wrong index card, just a sec…

Oh! Yes, I’m sorry, a GP Central Store is a folder you create on one of your AD domain controllers, and then copy every .ADMX and .ADML file you can find throughout your entire organization into that one folder. It doesn’t even matter where you create the folder, or what you name it.

Where Do I Get Group Policy Training?

If you’re a GPO Expert, you are the trainer. You advise everyone within 50 feet of you about the importance of GPO’s, the proper ways to use GPO’s, and why they’re the most important invention mankind has ever conceived, whether they touch GPO’s or not. Everyone from custodial staff to receptionists just loves to hear more about GPO’s and how they make the world a brighter place.

If you’re new to Group Policy, just hang around the coffee break room, or walk around until you find the loudest-talking IT expert in your building. Chances are you’ll find the GPO Expert in your organization within minutes. Once you find them, don’t shake their hands, because you might offend their sense of superiority. So do a Japanese-style bow, introduce yourself, and humbly beg for a few minutes of their intergalactic knowledge to be drizzled onto your dried-up brain for just a few minutes.

Making Your First GPO

The first step in creating a new GPO is to just create one and link it immediately to the OU with the most objects inside of it. The more settings you “configure” the better.

Your next step is to create more GPOs with the same settings “configured” but with different values assigned, and then link those to the same OU’s as your first GPO. Repeat this process until your fingers are tired of creating and linking GPO’s for the day. You can resume making more of them tomorrow.

Finally, review your GPO’s and make sure you don’t have any comments or notes included anywhere. Also, any documentation you might have created should be deleted. The mark of a true GPO Expert is to never document anything. Why would they? All possible knowledge is contained in their cranium, nicknamed “the death star”, and nobody else will ever be qualified to step in for them, so documentation is a waste of time. Lesser skilled minions will never understand the uber-complicated matter of GPO notes anyway.

Summary

Everything you read above is complete bullshit and should be ignored – if you wish to remain employed.